RE: Iptables can't close port 25 and 110
I'm not running NAT or TOS, the nat and mangle modules aren't loaded, so
I guess the tables don't exist either. It's a single homed server.
Iptables is configured as follows:
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
When running NMAP to scan port 25, tcpdump generates the following
output:
21:09:51.034830 10.0.0.13.4873 > 10.0.0.4.smtp: S 29225080:29225080(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
21:09:51.034891 10.0.0.4 > 10.0.0.13: icmp: 10.0.0.4 tcp port smtp unreachable [tos 0xc0]
21:09:51.035143 10.0.0.4.34627 > SpeedTouch.lan.domain: 44052+ PTR? 13.0.0.10.in-addr.arpa. (40) (DF)
21:09:51.035888 SpeedTouch.lan.domain > 10.0.0.4.34627: 44052 0/0/0 (40)
The following output is generated when I scan port 199 (I added a reject
rule, of course):
21:25:02.267951 10.0.0.13.4907 > 10.0.0.4.smux: S 259491857:259491857(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
21:25:02.268013 10.0.0.4 > 10.0.0.13: icmp: 10.0.0.4 tcp port smux unreachable [tos 0xc0]
Ronald
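The captures above show the host answering each SYN with an ICMP port unreachable, which is what a REJECT rule with the default icmp-port-unreachable produces and what nmap's SYN scan classifies as filtered. As an added example (not code from either poster), here is a small Python classifier that reads this classic tcpdump text format and reports, per probed port, what the host actually answered; the sample is constructed from the lines in the thread, with invented ssh and pop3 lines added to show an open (SYN/ACK) and a closed (RST) port beside the rejected ones.

```python
import re

# Constructed sample in the tcpdump format quoted in the thread (resolved
# port names, "S" for SYN, "R" for RST). The ssh/pop3 lines are invented
# to show an open and a closed port next to the two REJECTed ones.
SAMPLE = """\
21:09:51.034830 10.0.0.13.4873 > 10.0.0.4.smtp: S 29225080:29225080(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
21:09:51.034891 10.0.0.4 > 10.0.0.13: icmp: 10.0.0.4 tcp port smtp unreachable [tos 0xc0]
21:09:51.035143 10.0.0.4.34627 > SpeedTouch.lan.domain: 44052+ PTR? 13.0.0.10.in-addr.arpa. (40) (DF)
21:25:02.267951 10.0.0.13.4907 > 10.0.0.4.smux: S 259491857:259491857(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
21:25:02.268013 10.0.0.4 > 10.0.0.13: icmp: 10.0.0.4 tcp port smux unreachable [tos 0xc0]
21:30:00.000001 10.0.0.13.4950 > 10.0.0.4.ssh: S 1000:1000(0) win 64240 <mss 1460> (DF)
21:30:00.000050 10.0.0.4.ssh > 10.0.0.13.4950: S 2000:2000(0) ack 1001 win 5840 <mss 1460> (DF)
21:30:01.000001 10.0.0.13.4951 > 10.0.0.4.pop3: S 1000:1000(0) win 64240 <mss 1460> (DF)
21:30:01.000050 10.0.0.4.pop3 > 10.0.0.13.4951: R 0:0(0) ack 1001 win 0
"""

HOST = r"[\w.\-]+"
# TCP segment: "ts src.sport > dst.dport: FLAGS seq:seq(len) [ack N] win ..."
TCP_RE = re.compile(
    rf"^\S+ (?P<src>{HOST})\.(?P<sport>\w+) > (?P<dst>{HOST})\.(?P<dport>\w+): "
    r"(?P<flags>[SRFP.]+) \S+ (?P<ack>ack \d+ )?win")
# ICMP error: "ts src > dst: icmp: host tcp port NAME unreachable"
ICMP_RE = re.compile(
    rf"^\S+ (?P<src>{HOST}) > (?P<dst>{HOST}): icmp: \S+ tcp port (?P<port>\w+) unreachable")


def classify_scan(capture: str) -> dict:
    """Return {probed_port: verdict} for the SYN probes seen in a capture.

    'rejected'    ICMP port unreachable came back (REJECT rule hit; nmap: filtered)
    'open'        SYN/ACK came back
    'closed'      RST came back
    'no-response' SYN seen, nothing answered (DROP or silently lost)
    """
    verdicts = {}
    for line in capture.splitlines():
        m = TCP_RE.match(line)
        if m:
            if "S" in m["flags"] and not m["ack"]:
                verdicts.setdefault(m["dport"], "no-response")  # outgoing SYN probe
            elif m["sport"] in verdicts:                         # reply from a probed port
                if "R" in m["flags"]:
                    verdicts[m["sport"]] = "closed"
                elif "S" in m["flags"] and m["ack"]:
                    verdicts[m["sport"]] = "open"
            continue
        m = ICMP_RE.match(line)
        if m and m["port"] in verdicts:
            verdicts[m["port"]] = "rejected"
    return verdicts


if __name__ == "__main__":
    for port, verdict in classify_scan(SAMPLE).items():
        print(f"{port:6s} {verdict}")
```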
-----Original Message-----
From: Raffaele D'Elia [mailto:R.DElia@starcomitalia.com]
Sent: Monday 26 January 2004 18:50
To: Ronald Laarman; debian-firewall@lists.debian.org
Subject: RE: Iptables can't close port 25 and 110
mmh Have you also flushed the nat and the mangle tables? I'm thinking
about a redirect. If the syn packet sent to the port 25 is redirected to
another port nmap cannot know it: it tells "port 25 open"
Do you have tcpdump or a similar tool installed? I think we have to see
what's happening!
Radel